Maintained by: NLnet Labs

[Unbound-users] unbound + nsd: acl to only allow non-recursive requests?

Joe Abley
Mon Feb 10 22:41:49 CET 2014


On 2014-02-10, at 16:17, Jiri Bohac <jiri at boha.cz> wrote:

> I'm trying to replace my bind server with unbound + nsd.
> My DNS server works both as authoritative for a few zones and
> also as a recursive resolver for a few subnets.

How about planning to run unbound and NSD independently, each bound to different addresses? You'll need to renumber your nameserver in the appropriate registries, but if there are only a few zones involved, that seems unlikely to be difficult.

Your life will get easier in the long run if you treat recursive and authoritative DNS as separate, independent services.


Joe
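
An added example, not part of the message above or of either project's code: a small Python check that the listen addresses in an unbound.conf and an nsd.conf do not overlap, which is what running the two "bound to different addresses" requires. The sample configs are constructed, the function names are hypothetical, and it assumes IP-literal `interface:` / `ip-address:` values and the documented defaults (Unbound listens on localhost, NSD on the wildcard address, both on port 53).

```python
import ipaddress
import re

# Constructed sample configs using documentation addresses (not from the thread).
UNBOUND_CONF = """
server:
    interface: 192.0.2.53
    interface: 127.0.0.1
    access-control: 192.0.2.0/24 allow
"""
NSD_SPLIT = """
server:
    ip-address: 198.51.100.53
"""
NSD_DEFAULT = """
server:
    hide-version: yes
"""

def listeners(conf, key, default):
    """Return the (address, port) pairs a config listens on (hypothetical helper)."""
    m = re.search(r"^\s*port:\s*(\d+)", conf, re.M)
    port = int(m.group(1)) if m else 53
    found = re.findall(rf"^\s*{key}:\s*(\S+)", conf, re.M)
    pairs = set()
    for item in found or default:         # no explicit line -> documented default
        addr, _, p = item.partition("@")  # both daemons accept addr@port
        pairs.add((ipaddress.ip_address(addr), int(p) if p else port))
    return pairs

def overlaps(unbound_conf, nsd_conf):
    """List (unbound_addr, nsd_addr, port) triples where both daemons would listen."""
    ub = listeners(unbound_conf, "interface", ["127.0.0.1", "::1"])
    nsd = listeners(nsd_conf, "ip-address", ["0.0.0.0", "::"])
    clash = []
    for ua, up in ub:
        for na, nport in nsd:
            same = ua == na or ua.is_unspecified or na.is_unspecified
            if up == nport and ua.version == na.version and same:
                clash.append((str(ua), str(na), up))
    return sorted(clash)

if __name__ == "__main__":
    print("split:", overlaps(UNBOUND_CONF, NSD_SPLIT))
    print("nsd default:", overlaps(UNBOUND_CONF, NSD_DEFAULT))
```

An empty list means the two services are cleanly separated; any triple names an address and port that NSD must be pinned away from with an explicit `ip-address:` line.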